authorViktor Szakats <vszakats@users.noreply.github.com>2016-09-07 10:41:11 +0200
committerGitHub <noreply@github.com>2016-09-07 10:41:11 +0200
commit8fa20da8e1a2f38440610221576ff027eb0c7e5e (patch)
treebd80e932ac7a9c252859842a92c8607af0810797
parent9ce6d0d52821c6e33506cb173f0e27c68014e60e (diff)
mk-ca-bundle.pl: use SHA256 instead of SHA1
This hash is used to verify the original downloaded certificate bundle and is also included in the generated bundle's comment header. Also rename related internal symbols to algorithm-agnostic names.
-rwxr-xr-xlib/mk-ca-bundle.pl28
1 files changed, 14 insertions, 14 deletions
diff --git a/lib/mk-ca-bundle.pl b/lib/mk-ca-bundle.pl
index 01a552e0b..34497230d 100755
--- a/lib/mk-ca-bundle.pl
+++ b/lib/mk-ca-bundle.pl
@@ -225,33 +225,33 @@ sub parse_csv_param($$@) {
return @values;
}
-sub sha1 {
+sub sha256 {
my $result;
if ($Digest::SHA::VERSION || $Digest::SHA::PurePerl::VERSION) {
open(FILE, $_[0]) or die "Can't open '$_[0]': $!";
binmode(FILE);
- $result = $MOD_SHA->new(1)->addfile(*FILE)->hexdigest;
+ $result = $MOD_SHA->new(256)->addfile(*FILE)->hexdigest;
close(FILE);
} else {
# Use OpenSSL command if Perl Digest::SHA modules not available
- $result = (split(/ |\r|\n/,`$openssl dgst -sha1 $_[0]`))[1];
+ $result = (split(/ |\r|\n/,`$openssl dgst -sha256 $_[0]`))[1];
}
return $result;
}
-sub oldsha1 {
- my $sha1 = "";
+sub oldhash {
+ my $hash = "";
open(C, "<$_[0]") || return 0;
while(<C>) {
chomp;
- if($_ =~ /^\#\# SHA1: (.*)/) {
- $sha1 = $1;
+ if($_ =~ /^\#\# SHA256: (.*)/) {
+ $hash = $1;
last;
}
}
close(C);
- return $sha1;
+ return $hash;
}
if ( $opt_p !~ m/:/ ) {
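Review bot: The OpenSSL fallback in sha256() still builds a shell command from `$openssl` and `$_[0]` with backticks, so a path containing spaces or shell metacharacters is interpreted by the shell, and the `[1]` index after the split picks the wrong field when the path contains a space. A list-form pipe such as `open(my $ph, '-|', $openssl, 'dgst', '-sha256', $_[0]) or die "Can't run '$openssl': $!";` avoids the shell where the Perl build supports it, and extracting the digest with `/=\s*([0-9a-f]{64})/i` is sturdier than positional splitting. The Digest::SHA branch uses a two-argument `open(FILE, $_[0])`, which lets leading or trailing mode characters in the name change how the file is opened; `open(my $fh, '<', $_[0])` removes that. `$openssl` and `$MOD_SHA` are defined outside this hunk, so how they are populated is not visible here.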
@@ -283,9 +283,9 @@ my $stdout = $crt eq '-';
my $resp;
my $fetched;
-my $oldsha1 = oldsha1($crt);
+my $oldhash = oldhash($crt);
-report "SHA1 of old file: $oldsha1";
+report "SHA256 of old file: $oldhash";
report "Downloading '$txt' ...";
@@ -328,14 +328,14 @@ if(!$filedate) {
}
# get the hash from the download file
-my $newsha1= sha1($txt);
+my $newhash= sha256($txt);
-if(!$opt_f && $oldsha1 eq $newsha1) {
+if(!$opt_f && $oldhash eq $newhash) {
report "Downloaded file identical to previous run\'s source file. Exiting";
exit;
}
-report "SHA1 of new file: $newsha1";
+report "SHA256 of new file: $newhash";
my $currentdate = scalar gmtime($filedate);
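Review bot: The early-exit test `$oldhash eq $newhash` also succeeds when both values are empty. oldhash() returns "" for an existing bundle that has no `## SHA256:` line, which includes any bundle written before this commit with a `## SHA1:` header, and sha256() appears to return undef when the OpenSSL fallback produces no output. In that case the script reports the download as identical and exits without refreshing the CA bundle. A guard such as `die "Could not compute SHA256 of '$txt'" unless $newhash;` placed before the comparison would close this. The comparison is against the hash stored by the previous run, so it detects a changed source file rather than authenticating the download.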
@@ -362,7 +362,7 @@ print CRT <<EOT;
## Just configure this file as the SSLCACertificateFile.
##
## Conversion done with mk-ca-bundle.pl version $version.
-## SHA1: $newsha1
+## SHA256: $newhash
##
EOT